CVE-2022-37418

6.4 MEDIUM
Published: August 24, 2022 Modified: April 06, 2026
View on NVD

Description

The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://hackaday.com/2022/08/17/rollback-breaks-into-your-car/
Source: cve@mitre.org
Exploit Third Party Advisory
https://medium.com/codex/rollback-a-new-time-agnostic-replay-attack-against-the-automotive-remote-keyless-entry-systems-df5f99ba9490
Source: cve@mitre.org
Exploit Third Party Advisory
https://www.blackhat.com/us-22/briefings/schedule/#rollback---a-new-time-agnostic-replay-attack-against-the-automotive-remote-keyless-entry-systems-27185
Source: cve@mitre.org
Exploit Third Party Advisory
https://www.pcmag.com/news/is-your-car-key-fob-vulnerable-to-this-simple-replay-attack
Source: cve@mitre.org
Press/Media Coverage Third Party Advisory
https://www.youtube.com/playlist?list=PLYodcy84oQL1gxwiuRm13xRXxTQL9cO5t
Source: cve@mitre.org
Exploit Third Party Advisory
https://hackaday.com/2022/08/17/rollback-breaks-into-your-car/
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://medium.com/codex/rollback-a-new-time-agnostic-replay-attack-against-the-automotive-remote-keyless-entry-systems-df5f99ba9490
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://www.blackhat.com/us-22/briefings/schedule/#rollback---a-new-time-agnostic-replay-attack-against-the-automotive-remote-keyless-entry-systems-27185
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://www.pcmag.com/news/is-your-car-key-fob-vulnerable-to-this-simple-replay-attack
Source: af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage Third Party Advisory
https://www.youtube.com/playlist?list=PLYodcy84oQL1gxwiuRm13xRXxTQL9cO5t
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory

10 reference(s) from NVD

Quick Stats

CVSS v3 Score
6.4 / 10.0
EPSS (Exploit Probability)
2.0%
83th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-294

Affected Vendors

hyundai kia nissan

Related CVEs

CVE-2026-4837 6.6
CVE-2026-4498 7.7
CVE-2026-33461 7.7
CVE-2026-33460 4.3
CVE-2026-31017 N/A